US20160241390A1 - Cloud Encryption Key Broker Apparatuses, Methods and Systems - Google Patents
Cloud Encryption Key Broker Apparatuses, Methods and Systems Download PDFInfo
- Publication number
- US20160241390A1 US20160241390A1 US15/045,435 US201615045435A US2016241390A1 US 20160241390 A1 US20160241390 A1 US 20160241390A1 US 201615045435 A US201615045435 A US 201615045435A US 2016241390 A1 US2016241390 A1 US 2016241390A1
- Authority
- US
- United States
- Prior art keywords
- key
- complete
- security analysis
- cloud
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
Definitions
- the present innovations are directed generally to multi-party encryption approaches and more particularly, to CLOUD ENCRYPTION KEY BROKER APPARATUSES, METHODS AND SYSTEMS or CEKB.
- FIG. 1 is a block diagram depicting a cloud encryption key broker system.
- FIG. 2 is a block diagram depicting key processing and security-related operations associated with the cloud encryption key broker system.
- FIG. 3 is a process flow diagram illustrating an operational scenario involving the cloud encryption key broker system.
- FIGS. 4-6 are block diagrams depicting security-related operations and key processing operations associated with the cloud encryption key broker system.
- FIGS. 7 and 8 are block diagrams depicting additional computer-related environments within which a cloud encryption key broker system can operate.
- Computer-implemented systems and methods are disclosed herein, such as, for use with cryptographic operations.
- a processor-implemented system and method are disclosed for use with cryptographic operations over a cloud-based service.
- the cloud-based service securely stores and transmits parts of encryption/decryption keys.
- Split key processing can include splitting the key in two and storing one of them on a remote secure server.
- a payment processor provides a cloud service that combines split key processing as well as risk analysis of requests, IP blocking and access rule restrictions to securely store and transmit parts of encryption keys.
- a processor-impairment system and method for cryptographic operations through a remote networked service where a first portion of a key is stored.
- a remote request is received for retrieval of the first portion of the key, and a security analysis is performed upon the request.
- the first portion of the key is transmitted to the requester after security analysis criteria has been satisfied.
- a complete key is generated by combining the first portion of the key with a second portion of the key. The complete key is used to perform a cryptographic operation.
- FIG. 1 shows at 100 an example embodiment of a CEKB.
- the CEKB at 100 prevents theft of encryption/decryption keys by using a key broker system 106 .
- the cloud encryption key broker system 106 stores the keys used in encryption/decryption operations in a secure manner to help prevent such theft.
- the CEKB provides additional security when consumer users 104 purchase items via merchant applications 112 .
- the merchant applications 112 may be open to hacking, spoofing, and other security threats.
- the encryption key broker system 106 stores securely the encryption/decryption keys against potential malicious activities that may occur during payment transaction processing or otherwise.
- the cloud encryption key broker system 106 is not limited to only purchasing-type transactions but may be used in many other types of operations outside of a financial/purchasing environment.
- the consumer users 104 can directly or indirectly interact with a cloud encryption key broker system 106 through a number of ways, such as over one or more networks 108 .
- Server(s) 110 accessible through the network(s) 108 can host the system 106 .
- One or more data stores 102 can store the data to be analyzed and processed by the system 106 as well as any intermediate or final data generated by the system 106 .
- FIG. 2 depicts another example embodiment where a payment processor provides a cloud service for secure operations. More specifically, the cloud service securely stores and transmits parts of encryption/decryption keys as shown at 202 .
- Split key processing can include splitting the key in two and storing one of them on a remote secure server.
- the key would be split into two partial keys: 123 and 456. In this way, a hacker would have to breach a merchant's computer as well as bypass the remote secure server's security measures to gain access to the entire key. This approach prevents a hacker from breaching the system and stealing a key where a merchant has stored an encryption/decryption key on a secure computer.
- the cloud service can also combine additional security via processing 204 .
- Secure processing operations 204 can include techniques for detecting a network intrusion or other type of unauthorized access request.
- FIG. 3 shows an operational scenario example involving the encryption key broker system.
- a key is split into two parts. It should be understood that the system could also include splitting the key into more than two parts.
- one of the key parts is stored in a remote server.
- a partial-key request is subsequently received at step 304 .
- Security analysis is performed in this operational scenario upon the request at step 306 .
- Such analysis at step 306 can include a combination of risk analysis of requests, IP blocking and access rule restrictions to securely store and transmit parts of encryption/decryption keys.
- this can include at step 306 using artificial intelligence for intrusion detection.
- Prim's algorithm can also be used within step 306 for security operations.
- a description of the algorithm is provided in U.S. Pat. No. 8,924,270 entitled “Risk Assessment Rule Set Application For Fraud Prevention”, which document is incorporated herein for all purposes. It should be understood that many other types of security operations can be performed upon the request for the presence of malicious or unauthorized activity.
- the partial key is provided at step 308 to the requester.
- a software tool at the client side receives the partial key and combines it with one or more other partial keys for use in encryption/decryption operations.
- FIG. 4 depicts an embodiment of the CEKB at 400 where a cloud service is provided for securely storing and transmitting parts of encryption/decryption keys.
- the CEKB 400 stores at 410 parts of encryption/decryption keys remotely.
- these keys can be retrieved (e.g. from the remote database 410 ) and only used at the client in temporary memory 402 .
- these keys can be retrieved and used at the client in memory and elsewhere such as in a type of secure memory.
- a client tool known as the encryption key broker 404 (EKB) is provided that performs encrypting/decrypting routines.
- the EKB 404 calls out to a remote server on the cloud 406 to provide the necessary parts to complete the data encryption/decryption key.
- the key parts are transmitted in an encrypted form. These parts are decrypted, combined and the resulting data key is stored in memory 402 .
- FIG. 5 depicts an embodiment of the CEKB at 500 where a cloud service is provided by a payment processor or other type of company that combines risk analysis of requests, IP blocking, and access rule restrictions to securely store and transmit parts of encryption/decryption keys.
- the CEKB 500 can also include layers of security techniques. For example, a real-time risk scoring model can be used as shown at 506 to evaluate each request and generate a risk score as well as IP checks 502 .
- partners can define set rules, such as hours of the day or IP locations for restricting access.
- Batch risk models at 510 look for abnormal behavior across all partners. Keys involved in known breaches cannot be retrieved.
- FIG. 6 illustrates that security analysis operations can be further extended. For example, all communications are logged and tracked as shown at 602 . This enables rapid responses to identify the location of breaches.
- the CEKB may be used in many different types of scenarios, such as those involving remote transactions and payment requests.
- a “remote transaction” may include any transaction where one party to a transaction is separated by some distance and/or by a device from another party to a transaction.
- a remote transaction may include a “card—not present,” electronic commerce, or other online transaction performed through communication between two or more devices.
- remote transactions may include devices that are not present in the same location or multiple devices where the two parties (e.g., a merchant and a consumer) are not using the same device to complete the transaction.
- a remote transaction may include an in-store transaction that is not completed using a merchant point-of-sale device (i.e., access device) and instead is completed by a consumer using their mobile device to communicate with a remote (or local) merchant server computer configured to process the remote transactions.
- Traditionally, remote transactions have had a higher chance of fraud because remote transactions do not allow a payee the opportunity to identify the payer or otherwise ensure that the payment they are receiving is legitimate, as the two parties are not present in the same location during the transaction (such as in a “card present” or in-store transaction).
- a local, card present, face-to-face, or in-store transaction may include a transaction where two or more parties to a transaction are present in the same location, use the same transaction device, or is performed through at least one present individual or entity to authenticate the identity of a payer and/or payee.
- a “payment request” may include a message having a request to process or initiate a payment.
- the payment request may be sent from mobile device associated with a consumer in relation to a purchase transaction associated with goods or services provided by a merchant.
- the payment request may include any relevant information to the transaction including payment information (e.g., account identifiers, personal information, etc.), transaction information (e.g., merchant information, items being purchased, etc.), device information (e.g., mobile device phone number, secure element identifier, etc.), routing information (e.g., internet protocol (IP) address of a destination computer, identifier for destination computer, bank identification number (BIN), etc.), and any other relevant information to a payment transaction.
- payment information e.g., account identifiers, personal information, etc.
- transaction information e.g., merchant information, items being purchased, etc.
- device information e.g., mobile device phone number, secure element identifier, etc.
- routing information e.g., internet protocol (
- a payment request may include encrypted payment information for a transaction and may be sent to a third party computer that is configured to authenticate the payment request, validate a public key certificate, decrypt the encrypted payment information, extract a public key from the validated certificate, re-encrypt the decrypted payment information, and send the re-encrypted payment information to a transaction processor for initiation of a payment transaction.
- the payment request may include any information relevant to the secure process for transmitting sensitive data to a merchant server for processing a remote transaction.
- transaction information may include any data associated with a transaction.
- transaction information may include a transaction amount, transaction time, transaction date, merchant information (e.g., registered merchant identifier, address, merchant computer IP address, etc.), product information (e.g., serial numbers, product names or other identifiers, etc.).
- the transaction information may be provided to a mobile device by a merchant server computer before or after the consumer initiates a payment transaction through the merchant application.
- the transaction information may be used to identify a specific merchant associated with a transaction using the merchant information included in the transaction information.
- encrypted payment information may include any payment information that has been made unintelligible to some parties to prevent unauthorized access to the payment information.
- the encrypted payment information may not be read by a recipient without access to a shared secret or access to a designated encryption key.
- the encrypted payment information may be made unintelligible through a process that is reversible and repeatable such that two entities can share information using a shared secret or encryption keys without unauthorized entities being able to understand or gain access to the sensitive payment information or sensitive payment credentials within the payment information (unless they gain access to the shared secret or encryption keys).
- FIGS. 7 and 8 depict example systems for use with the operations disclosed herein.
- FIG. 7 depicts an exemplary system 700 that includes a computer architecture where a processing system 702 (e.g., one or more computer processors located in a given computer or in multiple computers that may be separate and distinct from one another) includes a CEKB 704 being executed on the processing system 702 .
- the processing system 702 has access to a computer-readable memory 707 in addition to one or more data stores 708 .
- the one or more data stores 708 may include user preferences 710 .
- the processing system 702 may be a distributed parallel computing environment, which may be used to handle very large-scale data sets.
- FIG. 8 depicts a system 720 that includes a client-server architecture.
- One or more user PCs 722 access one or more servers 724 running a CEKB system 737 on a processing system 727 via one or more networks 728 .
- the one or more servers 724 may access a computer-readable memory 730 as well as one or more data stores 732 .
- computer readable memories e.g., at 707
- data stores e.g., at 708
- computer readable memories may include one or more data structures for storing and associating various data used in the example systems.
- a data structure stored in any of the aforementioned locations may be used to store data including user preferences, etc.
- Each of the element managers, real-time data buffer, conveyors, file input processor, database index shared access memory loader, reference data buffer and data managers may include a software application stored in one or more of the disk drives connected to the disk controller, the ROM and/or the RAM.
- the processor may access one or more components as required.
- a display interface may permit information from the bus to be displayed on a display in audio, graphic, or alphanumeric format. Communication with external devices may optionally occur using various communication ports.
- the hardware may also include data input devices, such as a keyboard, or other input device, such as a microphone, remote control, pointer, mouse and/or joystick.
- data input devices such as a keyboard, or other input device, such as a microphone, remote control, pointer, mouse and/or joystick.
- the methods and systems described herein may be implemented on many different types of processing devices by program code comprising program instructions that are executable by the device processing subsystem.
- the software program instructions may include source code, object code, machine code, or any other stored data that is operable to cause a processing system to perform the methods and operations described herein and may be provided in any suitable language such as C, C++, JAVA, for example, or any other suitable programming language.
- Other implementations may also be used, however, such as firmware or even appropriately designed hardware configured to carry out the methods and systems described herein.
- the systems' and methods' data may be stored and implemented in one or more different types of computer-implemented data stores, such as different types of storage devices and programming constructs (e.g., RAM, ROM, Flash memory, flat files, databases, programming data structures, programming variables, IF-THEN (or similar type) statement constructs, etc.).
- storage devices and programming constructs e.g., RAM, ROM, Flash memory, flat files, databases, programming data structures, programming variables, IF-THEN (or similar type) statement constructs, etc.
- data structures describe formats for use in organizing and storing data in databases, programs, memory, or other computer-readable media for use by a computer program.
- a module or processor includes but is not limited to a unit of code that performs a software operation, and can be implemented for example as a subroutine unit of code, or as a software function unit of code, or as an object (as in an object-oriented paradigm), or as an applet, or in a computer script language, or as another type of computer code.
- the software components and/or functionality may be located on a single computer or distributed across multiple computers depending upon the situation at hand.
Abstract
Description
- This application claims priority to U.S. Patent Application Ser. No. 62/117,080, filed Feb. 17, 2015 and entitled “Cloud Encryption Key Broker Apparatuses, Methods And Systems.” The entire contents of the aforementioned application is expressly incorporated by reference herein.
- This application for letters patent disclosure document describes inventive aspects directed at various novel innovations (hereinafter “disclosure”) and contains material that is subject to copyright, mask work, and/or other intellectual property protection. The respective owners of such intellectual property have no objection to the facsimile reproduction of the disclosure by anyone as it appears in published Patent Office file/records, but otherwise reserve all rights.
- The present innovations are directed generally to multi-party encryption approaches and more particularly, to CLOUD ENCRYPTION KEY BROKER APPARATUSES, METHODS AND SYSTEMS or CEKB.
- In light of recent credit card and personal information leaks the need for a more secure method for securing encryption keys is evident. In recent breaches the data was encrypted on a secure server but the keys were stolen with the data allowing the data to be exposed.
- As an illustration, these breaches involved “secure” computers where a merchant stores encryption/decryption keys. When the hacker breached the secure computer, the hacker stole the key that was needed for cryptographic operations used in accessing the merchant's data. In view of this situation and others, security approaches associated with encryption/decryption operations can be improved.
- The accompanying appendices and/or drawings illustrate various non-limiting, example, innovative aspects in accordance with the present descriptions:
- The leading number of each reference number within the drawings indicates the figure in which that reference number is introduced and/or detailed. As such, a detailed discussion of reference number 101 would be found and/or introduced in
FIG. 1 . Reference number 201 is introduced inFIG. 2 , etc. -
FIG. 1 is a block diagram depicting a cloud encryption key broker system. -
FIG. 2 is a block diagram depicting key processing and security-related operations associated with the cloud encryption key broker system. -
FIG. 3 is a process flow diagram illustrating an operational scenario involving the cloud encryption key broker system. -
FIGS. 4-6 are block diagrams depicting security-related operations and key processing operations associated with the cloud encryption key broker system. -
FIGS. 7 and 8 are block diagrams depicting additional computer-related environments within which a cloud encryption key broker system can operate. - Computer-implemented systems and methods are disclosed herein, such as, for use with cryptographic operations. For example, a processor-implemented system and method are disclosed for use with cryptographic operations over a cloud-based service. The cloud-based service securely stores and transmits parts of encryption/decryption keys. Split key processing can include splitting the key in two and storing one of them on a remote secure server.
- As another example, a processor-implemented system and method are disclosed for cryptographic operations. A payment processor provides a cloud service that combines split key processing as well as risk analysis of requests, IP blocking and access rule restrictions to securely store and transmit parts of encryption keys.
- As yet another example, a processor-impairment system and method are disclosed for cryptographic operations through a remote networked service where a first portion of a key is stored. A remote request is received for retrieval of the first portion of the key, and a security analysis is performed upon the request. The first portion of the key is transmitted to the requester after security analysis criteria has been satisfied. A complete key is generated by combining the first portion of the key with a second portion of the key. The complete key is used to perform a cryptographic operation.
-
FIG. 1 shows at 100 an example embodiment of a CEKB. The CEKB at 100 prevents theft of encryption/decryption keys by using akey broker system 106. The cloud encryptionkey broker system 106 stores the keys used in encryption/decryption operations in a secure manner to help prevent such theft. For example, the CEKB provides additional security whenconsumer users 104 purchase items viamerchant applications 112. - The
merchant applications 112 may be open to hacking, spoofing, and other security threats. As such, the encryptionkey broker system 106 stores securely the encryption/decryption keys against potential malicious activities that may occur during payment transaction processing or otherwise. However, it should be understood that the cloud encryptionkey broker system 106 is not limited to only purchasing-type transactions but may be used in many other types of operations outside of a financial/purchasing environment. - The
consumer users 104 can directly or indirectly interact with a cloud encryptionkey broker system 106 through a number of ways, such as over one ormore networks 108. Server(s) 110 accessible through the network(s) 108 can host thesystem 106. One ormore data stores 102 can store the data to be analyzed and processed by thesystem 106 as well as any intermediate or final data generated by thesystem 106. -
FIG. 2 depicts another example embodiment where a payment processor provides a cloud service for secure operations. More specifically, the cloud service securely stores and transmits parts of encryption/decryption keys as shown at 202. Split key processing can include splitting the key in two and storing one of them on a remote secure server. - As an illustration, if the key were 123456, then the key would be split into two partial keys: 123 and 456. In this way, a hacker would have to breach a merchant's computer as well as bypass the remote secure server's security measures to gain access to the entire key. This approach prevents a hacker from breaching the system and stealing a key where a merchant has stored an encryption/decryption key on a secure computer.
- The cloud service can also combine additional security via
processing 204.Secure processing operations 204 can include techniques for detecting a network intrusion or other type of unauthorized access request. -
FIG. 3 shows an operational scenario example involving the encryption key broker system. Atstep 300, a key is split into two parts. It should be understood that the system could also include splitting the key into more than two parts. Atstep 302, one of the key parts is stored in a remote server. A partial-key request is subsequently received atstep 304. - Security analysis is performed in this operational scenario upon the request at
step 306. Such analysis atstep 306 can include a combination of risk analysis of requests, IP blocking and access rule restrictions to securely store and transmit parts of encryption/decryption keys. For example, this can include atstep 306 using artificial intelligence for intrusion detection. Prim's algorithm can also be used withinstep 306 for security operations. A description of the algorithm is provided in U.S. Pat. No. 8,924,270 entitled “Risk Assessment Rule Set Application For Fraud Prevention”, which document is incorporated herein for all purposes. It should be understood that many other types of security operations can be performed upon the request for the presence of malicious or unauthorized activity. - If the security analysis does not indicate any inappropriate activity with respect to the request, the partial key is provided at
step 308 to the requester. Atstep 310, a software tool at the client side receives the partial key and combines it with one or more other partial keys for use in encryption/decryption operations. -
FIG. 4 depicts an embodiment of the CEKB at 400 where a cloud service is provided for securely storing and transmitting parts of encryption/decryption keys. TheCEKB 400 stores at 410 parts of encryption/decryption keys remotely. In this embodiment, these keys can be retrieved (e.g. from the remote database 410) and only used at the client intemporary memory 402. In other embodiments, these keys can be retrieved and used at the client in memory and elsewhere such as in a type of secure memory. - A client tool known as the encryption key broker 404 (EKB) is provided that performs encrypting/decrypting routines. When started, the
EKB 404 calls out to a remote server on thecloud 406 to provide the necessary parts to complete the data encryption/decryption key. The key parts are transmitted in an encrypted form. These parts are decrypted, combined and the resulting data key is stored inmemory 402. -
FIG. 5 depicts an embodiment of the CEKB at 500 where a cloud service is provided by a payment processor or other type of company that combines risk analysis of requests, IP blocking, and access rule restrictions to securely store and transmit parts of encryption/decryption keys. TheCEKB 500 can also include layers of security techniques. For example, a real-time risk scoring model can be used as shown at 506 to evaluate each request and generate a risk score as well as IP checks 502. - Also as shown at 508, partners can define set rules, such as hours of the day or IP locations for restricting access. Batch risk models at 510 look for abnormal behavior across all partners. Keys involved in known breaches cannot be retrieved.
-
FIG. 6 illustrates that security analysis operations can be further extended. For example, all communications are logged and tracked as shown at 602. This enables rapid responses to identify the location of breaches. In the scenario depicted inFIG. 6 , the CEKB may be used in many different types of scenarios, such as those involving remote transactions and payment requests. A “remote transaction” may include any transaction where one party to a transaction is separated by some distance and/or by a device from another party to a transaction. For example, a remote transaction may include a “card—not present,” electronic commerce, or other online transaction performed through communication between two or more devices. For instance, remote transactions may include devices that are not present in the same location or multiple devices where the two parties (e.g., a merchant and a consumer) are not using the same device to complete the transaction. Additionally, a remote transaction may include an in-store transaction that is not completed using a merchant point-of-sale device (i.e., access device) and instead is completed by a consumer using their mobile device to communicate with a remote (or local) merchant server computer configured to process the remote transactions. Traditionally, remote transactions have had a higher chance of fraud because remote transactions do not allow a payee the opportunity to identify the payer or otherwise ensure that the payment they are receiving is legitimate, as the two parties are not present in the same location during the transaction (such as in a “card present” or in-store transaction). A local, card present, face-to-face, or in-store transaction may include a transaction where two or more parties to a transaction are present in the same location, use the same transaction device, or is performed through at least one present individual or entity to authenticate the identity of a payer and/or payee. - A “payment request” may include a message having a request to process or initiate a payment. For example, the payment request may be sent from mobile device associated with a consumer in relation to a purchase transaction associated with goods or services provided by a merchant. The payment request may include any relevant information to the transaction including payment information (e.g., account identifiers, personal information, etc.), transaction information (e.g., merchant information, items being purchased, etc.), device information (e.g., mobile device phone number, secure element identifier, etc.), routing information (e.g., internet protocol (IP) address of a destination computer, identifier for destination computer, bank identification number (BIN), etc.), and any other relevant information to a payment transaction. For example, a payment request may include encrypted payment information for a transaction and may be sent to a third party computer that is configured to authenticate the payment request, validate a public key certificate, decrypt the encrypted payment information, extract a public key from the validated certificate, re-encrypt the decrypted payment information, and send the re-encrypted payment information to a transaction processor for initiation of a payment transaction. Accordingly, the payment request may include any information relevant to the secure process for transmitting sensitive data to a merchant server for processing a remote transaction.
- As used herein, “transaction information” may include any data associated with a transaction. For example, transaction information may include a transaction amount, transaction time, transaction date, merchant information (e.g., registered merchant identifier, address, merchant computer IP address, etc.), product information (e.g., serial numbers, product names or other identifiers, etc.). The transaction information may be provided to a mobile device by a merchant server computer before or after the consumer initiates a payment transaction through the merchant application. In some embodiments, the transaction information may be used to identify a specific merchant associated with a transaction using the merchant information included in the transaction information.
- As used herein, “encrypted payment information” may include any payment information that has been made unintelligible to some parties to prevent unauthorized access to the payment information. For example, the encrypted payment information may not be read by a recipient without access to a shared secret or access to a designated encryption key. As such, the encrypted payment information may be made unintelligible through a process that is reversible and repeatable such that two entities can share information using a shared secret or encryption keys without unauthorized entities being able to understand or gain access to the sensitive payment information or sensitive payment credentials within the payment information (unless they gain access to the shared secret or encryption keys).
-
FIGS. 7 and 8 depict example systems for use with the operations disclosed herein. For example,FIG. 7 depicts anexemplary system 700 that includes a computer architecture where a processing system 702 (e.g., one or more computer processors located in a given computer or in multiple computers that may be separate and distinct from one another) includes aCEKB 704 being executed on theprocessing system 702. Theprocessing system 702 has access to a computer-readable memory 707 in addition to one ormore data stores 708. The one ormore data stores 708 may includeuser preferences 710. Theprocessing system 702 may be a distributed parallel computing environment, which may be used to handle very large-scale data sets. -
FIG. 8 depicts asystem 720 that includes a client-server architecture. One ormore user PCs 722 access one ormore servers 724 running a CEKB system 737 on aprocessing system 727 via one ormore networks 728. The one ormore servers 724 may access a computer-readable memory 730 as well as one ormore data stores 732. - In
FIGS. 7 and 8 , computer readable memories (e.g., at 707) or data stores (e.g., at 708) may include one or more data structures for storing and associating various data used in the example systems. For example, a data structure stored in any of the aforementioned locations may be used to store data including user preferences, etc. - Each of the element managers, real-time data buffer, conveyors, file input processor, database index shared access memory loader, reference data buffer and data managers may include a software application stored in one or more of the disk drives connected to the disk controller, the ROM and/or the RAM. The processor may access one or more components as required.
- A display interface may permit information from the bus to be displayed on a display in audio, graphic, or alphanumeric format. Communication with external devices may optionally occur using various communication ports.
- In addition to these computer-type components, the hardware may also include data input devices, such as a keyboard, or other input device, such as a microphone, remote control, pointer, mouse and/or joystick.
- Additionally, the methods and systems described herein may be implemented on many different types of processing devices by program code comprising program instructions that are executable by the device processing subsystem. The software program instructions may include source code, object code, machine code, or any other stored data that is operable to cause a processing system to perform the methods and operations described herein and may be provided in any suitable language such as C, C++, JAVA, for example, or any other suitable programming language. Other implementations may also be used, however, such as firmware or even appropriately designed hardware configured to carry out the methods and systems described herein.
- The systems' and methods' data (e.g., associations, mappings, data input, data output, intermediate data results, final data results, etc.) may be stored and implemented in one or more different types of computer-implemented data stores, such as different types of storage devices and programming constructs (e.g., RAM, ROM, Flash memory, flat files, databases, programming data structures, programming variables, IF-THEN (or similar type) statement constructs, etc.). It is noted that data structures describe formats for use in organizing and storing data in databases, programs, memory, or other computer-readable media for use by a computer program.
- The computer components, software modules, functions, data stores and data structures described herein may be connected directly or indirectly to each other in order to allow the flow of data needed for their operations. It is also noted that a module or processor includes but is not limited to a unit of code that performs a software operation, and can be implemented for example as a subroutine unit of code, or as a software function unit of code, or as an object (as in an object-oriented paradigm), or as an applet, or in a computer script language, or as another type of computer code. The software components and/or functionality may be located on a single computer or distributed across multiple computers depending upon the situation at hand.
- While the disclosure has been described in detail and with reference to specific embodiments thereof, it will be apparent to one skilled in the art that various changes and modifications can be made therein without departing from the spirit and scope of the embodiments. Thus, it is intended that the present disclosure cover the modifications and variations of this disclosure.
Claims (21)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/045,435 US10547444B2 (en) | 2015-02-17 | 2016-02-17 | Cloud encryption key broker apparatuses, methods and systems |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201562117080P | 2015-02-17 | 2015-02-17 | |
US15/045,435 US10547444B2 (en) | 2015-02-17 | 2016-02-17 | Cloud encryption key broker apparatuses, methods and systems |
Publications (2)
Publication Number | Publication Date |
---|---|
US20160241390A1 true US20160241390A1 (en) | 2016-08-18 |
US10547444B2 US10547444B2 (en) | 2020-01-28 |
Family
ID=56622500
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/045,435 Active 2036-02-23 US10547444B2 (en) | 2015-02-17 | 2016-02-17 | Cloud encryption key broker apparatuses, methods and systems |
Country Status (9)
Country | Link |
---|---|
US (1) | US10547444B2 (en) |
EP (1) | EP3259726B1 (en) |
CN (1) | CN107408255A (en) |
AU (1) | AU2016220152B2 (en) |
BR (1) | BR112017017098A2 (en) |
CA (1) | CA2976701A1 (en) |
HK (1) | HK1243536A1 (en) |
SG (2) | SG11201706634WA (en) |
WO (1) | WO2016133958A1 (en) |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107248912A (en) * | 2017-06-12 | 2017-10-13 | 济南浪潮高新科技投资发展有限公司 | A kind of file security applied to government affairs cloud stores solution |
WO2018084859A1 (en) * | 2016-11-04 | 2018-05-11 | Visa International Service Association | Data encryption control using multiple controlling authorities |
WO2019066822A1 (en) * | 2017-09-27 | 2019-04-04 | Visa International Service Association | Secure shared key establishment for peer to peer communications |
US10326733B2 (en) | 2015-12-30 | 2019-06-18 | Symantec Corporation | Systems and methods for facilitating single sign-on for multiple devices |
US10375114B1 (en) | 2016-06-27 | 2019-08-06 | Symantec Corporation | Systems and methods for enforcing access-control policies |
US10404697B1 (en) | 2015-12-28 | 2019-09-03 | Symantec Corporation | Systems and methods for using vehicles as information sources for knowledge-based authentication |
CN110198320A (en) * | 2019-06-03 | 2019-09-03 | 江苏恒宝智能系统技术有限公司 | A kind of ciphered information transmission method |
US10462184B1 (en) | 2016-06-28 | 2019-10-29 | Symantec Corporation | Systems and methods for enforcing access-control policies in an arbitrary physical space |
US10469457B1 (en) * | 2016-09-26 | 2019-11-05 | Symantec Corporation | Systems and methods for securely sharing cloud-service credentials within a network of computing devices |
US10687212B2 (en) | 2017-04-07 | 2020-06-16 | At&T Mobility Ii Llc | Mobile network core component for managing security keys |
US10812981B1 (en) | 2017-03-22 | 2020-10-20 | NortonLifeLock, Inc. | Systems and methods for certifying geolocation coordinates of computing devices |
WO2020219136A3 (en) * | 2019-01-28 | 2020-12-30 | Knectiq Inc. | System and method for secure electronic data transfer |
US20230155817A1 (en) * | 2021-11-15 | 2023-05-18 | Sap Se | Managing secret values using a secrets manager |
US11683159B2 (en) * | 2019-11-07 | 2023-06-20 | Google Llc | Hybrid content protection architecture |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11240240B1 (en) | 2017-08-09 | 2022-02-01 | Sailpoint Technologies, Inc. | Identity defined secure connect |
US11303633B1 (en) | 2017-08-09 | 2022-04-12 | Sailpoint Technologies, Inc. | Identity security gateway agent |
US11463426B1 (en) | 2018-01-25 | 2022-10-04 | Sailpoint Technologies, Inc. | Vaultless authentication |
CN109308609B (en) * | 2018-09-28 | 2021-07-30 | 北京金山安全软件有限公司 | Transaction confirmation method and device, digital wallet equipment and readable storage medium |
CN109446234B (en) * | 2018-10-12 | 2021-10-19 | Oppo广东移动通信有限公司 | Data processing method and device and electronic equipment |
CN109859350B (en) * | 2018-11-19 | 2021-09-03 | 上海奥宜电子科技有限公司 | Remote authorized fingerprint self-service entry method and hotel self-service check-in method |
US11843686B2 (en) | 2019-08-27 | 2023-12-12 | Intertrust Technologies Corporation | Multi-party cryptographic systems and methods |
US11314876B2 (en) | 2020-05-28 | 2022-04-26 | Bank Of America Corporation | System and method for managing built-in security for content distribution |
US10965665B1 (en) | 2020-09-16 | 2021-03-30 | Sailpoint Technologies, Inc | Passwordless privilege access |
CN112287364A (en) * | 2020-10-22 | 2021-01-29 | 同盾控股有限公司 | Data sharing method, device, system, medium and electronic equipment |
Citations (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5535276A (en) * | 1994-11-09 | 1996-07-09 | Bell Atlantic Network Services, Inc. | Yaksha, an improved system and method for securing communications using split private key asymmetric cryptography |
US5737419A (en) * | 1994-11-09 | 1998-04-07 | Bell Atlantic Network Services, Inc. | Computer system for securing communications using split private key asymmetric cryptography |
US5748735A (en) * | 1994-07-18 | 1998-05-05 | Bell Atlantic Network Services, Inc. | Securing E-mail communications and encrypted file storage using yaksha split private key asymmetric cryptography |
US20030147536A1 (en) * | 2002-02-05 | 2003-08-07 | Andivahis Dimitrios Emmanouil | Secure electronic messaging system requiring key retrieval for deriving decryption keys |
US20040030917A1 (en) * | 2002-08-07 | 2004-02-12 | Karamchedu Murali M. | Opaque message archives |
US20060015358A1 (en) * | 2004-07-16 | 2006-01-19 | Chua Bryan S M | Third party authentication of an electronic transaction |
US20080091947A1 (en) * | 2006-10-17 | 2008-04-17 | Andrew John Dancer | Software registration system |
US20080172730A1 (en) * | 2007-01-12 | 2008-07-17 | Tricipher, Inc. | Enhanced security for user instructions |
US20100325431A1 (en) * | 2009-06-19 | 2010-12-23 | Joseph Martin Mordetsky | Feature-Specific Keys for Executable Code |
US20100333186A1 (en) * | 2005-12-13 | 2010-12-30 | Microsoft Corporation | Two-way authentication using a combined code |
US20110191248A1 (en) * | 1999-08-31 | 2011-08-04 | American Express Travel Related Services Company, Inc. | Methods and Apparatus for Conducting Electronic Transactions |
US20120198228A1 (en) * | 2010-12-20 | 2012-08-02 | Jon Oberheide | System and method for digital user authentication |
US20130108045A1 (en) * | 2011-10-27 | 2013-05-02 | Architecture Technology, Inc. | Methods, networks and nodes for dynamically establishing encrypted communications |
US20130185214A1 (en) * | 2012-01-12 | 2013-07-18 | Firethorn Mobile Inc. | System and Method For Secure Offline Payment Transactions Using A Portable Computing Device |
US20130262317A1 (en) * | 2012-04-02 | 2013-10-03 | Mastercard International Incorporated | Systems and methods for processing mobile payments by provisoning credentials to mobile devices without secure elements |
US20130290708A1 (en) * | 2012-04-26 | 2013-10-31 | Sap Ag | Configuration protection for providing security to configuration files |
US9160535B2 (en) * | 2012-03-19 | 2015-10-13 | Dell Inc | Truly anonymous cloud key broker |
US20160080157A1 (en) * | 2014-09-16 | 2016-03-17 | Keypasco Ab | Network authentication method for secure electronic transactions |
US20160119292A1 (en) * | 2011-11-09 | 2016-04-28 | Kabushiki Kaisha Toshiba | Re-encryption system, re-encryption apparatus, and program |
US20160132699A1 (en) * | 2014-11-12 | 2016-05-12 | Seagate Technology Llc | Split-Key Arrangement in a Multi-Device Storage Enclosure |
US9455968B1 (en) * | 2014-12-19 | 2016-09-27 | Emc Corporation | Protection of a secret on a mobile device using a secret-splitting technique with a fixed user share |
US20170024729A1 (en) * | 2014-04-16 | 2017-01-26 | Visa International Service Association | Secure Transmission of Payment Credentials |
Family Cites Families (65)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5301247A (en) * | 1992-07-23 | 1994-04-05 | Crest Industries, Inc. | Method for ensuring secure communications |
US5237611A (en) * | 1992-07-23 | 1993-08-17 | Crest Industries, Inc. | Encryption/decryption apparatus with non-accessible table of keys |
US5222136A (en) * | 1992-07-23 | 1993-06-22 | Crest Industries, Inc. | Encrypted communication system |
US5784463A (en) * | 1996-12-04 | 1998-07-21 | V-One Corporation | Token distribution, registration, and dynamic configuration of user entitlement for an application level security system and method |
US6075859A (en) * | 1997-03-11 | 2000-06-13 | Qualcomm Incorporated | Method and apparatus for encrypting data in a wireless communication system |
EP0936805A1 (en) * | 1998-02-12 | 1999-08-18 | Hewlett-Packard Company | Document transfer systems |
US6636966B1 (en) * | 2000-04-03 | 2003-10-21 | Dphi Acquisitions, Inc. | Digital rights management within an embedded storage device |
US7051211B1 (en) * | 2000-08-21 | 2006-05-23 | International Business Machines Corporation | Secure software distribution and installation |
US7085744B2 (en) * | 2000-12-08 | 2006-08-01 | International Business Machines Corporation | Method and system for conducting a transaction over a network |
US6978376B2 (en) * | 2000-12-15 | 2005-12-20 | Authentica, Inc. | Information security architecture for encrypting documents for remote access while maintaining access control |
US7065642B2 (en) * | 2000-12-19 | 2006-06-20 | Tricipher, Inc. | System and method for generation and use of asymmetric crypto-keys each having a public portion and multiple private portions |
US20030115452A1 (en) * | 2000-12-19 | 2003-06-19 | Ravi Sandhu | One time password entry to access multiple network sites |
US7017041B2 (en) * | 2000-12-19 | 2006-03-21 | Tricipher, Inc. | Secure communications network with user control of authenticated personal information provided to network entities |
US7069435B2 (en) * | 2000-12-19 | 2006-06-27 | Tricipher, Inc. | System and method for authentication in a crypto-system utilizing symmetric and asymmetric crypto-keys |
US7711122B2 (en) * | 2001-03-09 | 2010-05-04 | Arcot Systems, Inc. | Method and apparatus for cryptographic key storage wherein key servers are authenticated by possession and secure distribution of stored keys |
US7257844B2 (en) * | 2001-07-31 | 2007-08-14 | Marvell International Ltd. | System and method for enhanced piracy protection in a wireless personal communication device |
US7187772B2 (en) * | 2001-08-31 | 2007-03-06 | Hewlett-Packard Development Company, L.P. | Anonymous transactions based on distributed processing |
US20030226029A1 (en) * | 2002-05-29 | 2003-12-04 | Porter Allen J.C. | System for protecting security registers and method thereof |
EP1383265A1 (en) * | 2002-07-16 | 2004-01-21 | Nokia Corporation | Method for generating proxy signatures |
CA2494299C (en) * | 2002-08-06 | 2013-10-08 | Privaris, Inc. | Methods for secure enrollment and backup of personal identity credentials into electronic devices |
US20040030916A1 (en) * | 2002-08-07 | 2004-02-12 | Karamchedu Murali M. | Preemptive and interactive data solicitation for electronic messaging |
US20040030918A1 (en) * | 2002-08-07 | 2004-02-12 | Karamchedu Murali M. | Enterprise based opaque message archives |
US7469340B2 (en) * | 2002-08-07 | 2008-12-23 | Kryptiq Corporation | Selective encryption of electronic messages and data |
US20040114766A1 (en) * | 2002-08-26 | 2004-06-17 | Hileman Mark H. | Three-party authentication method and system for e-commerce transactions |
WO2006078572A2 (en) * | 2005-01-18 | 2006-07-27 | Tricipher, Inc. | Asymmetric crypto-graphy with rolling key security |
US20060182283A1 (en) * | 2005-02-14 | 2006-08-17 | Tricipher, Inc. | Architecture for asymmetric crypto-key storage |
US7630493B2 (en) * | 2005-01-18 | 2009-12-08 | Tricipher, Inc. | Multiple factor private portion of an asymmetric key |
JP4954979B2 (en) * | 2005-04-29 | 2012-06-20 | オラクル・インターナショナル・コーポレイション | Systems and methods for fraud monitoring, detection, and hierarchical user authentication |
WO2006130619A2 (en) * | 2005-05-31 | 2006-12-07 | Tricipher, Inc. | Secure login using augmented single factor split key asymmetric cryptography |
US20070150723A1 (en) * | 2005-12-23 | 2007-06-28 | Estable Luis P | Methods and apparatus for increasing security and control of voice communication sessions using digital certificates |
WO2008030549A2 (en) * | 2006-09-06 | 2008-03-13 | Sslnext Inc. | Method and system for providing authentication service for internet users |
US8958562B2 (en) * | 2007-01-16 | 2015-02-17 | Voltage Security, Inc. | Format-preserving cryptographic systems |
JP4941737B2 (en) * | 2007-04-27 | 2012-05-30 | ソニー株式会社 | Recording apparatus and method, and program |
US8423789B1 (en) * | 2007-05-22 | 2013-04-16 | Marvell International Ltd. | Key generation techniques |
CA2698000C (en) * | 2007-09-04 | 2015-10-27 | Certicom Corp. | Signatures with confidential message recovery |
US8205795B2 (en) * | 2007-09-20 | 2012-06-26 | Felica Networks, Inc. | Communication device, remote server, terminal device, financial card issue system, financial card authentication system, and program |
GB0805830D0 (en) * | 2008-03-31 | 2008-04-30 | British Telecomm | Keys for protecting user access to media |
US8095800B2 (en) * | 2008-11-20 | 2012-01-10 | General Dynamics C4 System, Inc. | Secure configuration of programmable logic device |
US8151333B2 (en) * | 2008-11-24 | 2012-04-03 | Microsoft Corporation | Distributed single sign on technologies including privacy protection and proactive updating |
US8291239B2 (en) * | 2008-11-25 | 2012-10-16 | Pitney Bowes Inc. | Method and system for authenticating senders and recipients in a carrier system and providing receipt of specified content by a recipient |
US20100192201A1 (en) * | 2009-01-29 | 2010-07-29 | Breach Security, Inc. | Method and Apparatus for Excessive Access Rate Detection |
CN102428686A (en) * | 2009-05-19 | 2012-04-25 | 安全第一公司 | Systems and methods for securing data in the cloud |
US9113042B2 (en) * | 2009-08-28 | 2015-08-18 | Broadcom Corporation | Multi-wireless device channel communications |
CA2781872A1 (en) * | 2009-11-25 | 2011-06-09 | Security First Corp. | Systems and methods for securing data in motion |
US8824492B2 (en) * | 2010-05-28 | 2014-09-02 | Drc Computer Corporation | Accelerator system for remote data storage |
ES2584057T3 (en) * | 2010-08-12 | 2016-09-23 | Security First Corp. | System and method of secure remote data storage |
US9032208B2 (en) * | 2010-08-24 | 2015-05-12 | Mitsubishi Electric Corporation | Communication terminal, communication system, communication method and communication program |
US8650654B2 (en) * | 2010-09-17 | 2014-02-11 | Kabushiki Kaisha Toshiba | Memory device, memory system, and authentication method |
US8677148B2 (en) * | 2011-01-27 | 2014-03-18 | Security First Corp. | Systems and methods for securing data |
US8627091B2 (en) * | 2011-04-01 | 2014-01-07 | Cleversafe, Inc. | Generating a secure signature utilizing a plurality of key shares |
JP5624510B2 (en) * | 2011-04-08 | 2014-11-12 | 株式会社東芝 | Storage device, storage system, and authentication method |
IL213662A0 (en) * | 2011-06-20 | 2011-11-30 | Eliphaz Hibshoosh | Key generation using multiple sets of secret shares |
US20140310527A1 (en) * | 2011-10-24 | 2014-10-16 | Koninklijke Kpn N.V. | Secure Distribution of Content |
US20130226812A1 (en) * | 2012-02-24 | 2013-08-29 | Mads Landrok | Cloud proxy secured mobile payments |
US9572029B2 (en) * | 2012-04-10 | 2017-02-14 | Imprivata, Inc. | Quorum-based secure authentication |
WO2013168255A1 (en) * | 2012-05-10 | 2013-11-14 | 三菱電機株式会社 | Application program execution device |
CN103428172A (en) * | 2012-05-18 | 2013-12-04 | 袁斌 | Method for safely storing information and method for safely reading information |
US8712044B2 (en) * | 2012-06-29 | 2014-04-29 | Dark Matter Labs Inc. | Key management system |
US9536047B2 (en) * | 2012-09-14 | 2017-01-03 | Ecole Polytechnique Federale De Lausanne (Epfl) | Privacy-enhancing technologies for medical tests using genomic data |
US9942750B2 (en) * | 2013-01-23 | 2018-04-10 | Qualcomm Incorporated | Providing an encrypted account credential from a first device to a second device |
US9306742B1 (en) * | 2013-02-05 | 2016-04-05 | Google Inc. | Communicating a secret |
US20150372770A1 (en) * | 2013-02-06 | 2015-12-24 | Koninklijke Philips N.V. | Body coupled communiication system |
WO2015198098A1 (en) * | 2014-06-26 | 2015-12-30 | Telefonaktiebolaget L M Ericsson (Publ) | Privacy-preserving querying mechanism on privately encrypted data on semi-trusted cloud |
US9231925B1 (en) * | 2014-09-16 | 2016-01-05 | Keypasco Ab | Network authentication method for secure electronic transactions |
US9524370B2 (en) * | 2014-11-03 | 2016-12-20 | Ecole Polytechnique Federale De Lausanne (Epfl) | Method for privacy-preserving medical risk test |
-
2016
- 2016-02-17 AU AU2016220152A patent/AU2016220152B2/en active Active
- 2016-02-17 CN CN201680010512.3A patent/CN107408255A/en active Pending
- 2016-02-17 SG SG11201706634WA patent/SG11201706634WA/en unknown
- 2016-02-17 SG SG10201907538SA patent/SG10201907538SA/en unknown
- 2016-02-17 BR BR112017017098-1A patent/BR112017017098A2/en not_active Application Discontinuation
- 2016-02-17 US US15/045,435 patent/US10547444B2/en active Active
- 2016-02-17 CA CA2976701A patent/CA2976701A1/en not_active Abandoned
- 2016-02-17 EP EP16752945.2A patent/EP3259726B1/en active Active
- 2016-02-17 WO PCT/US2016/018165 patent/WO2016133958A1/en active Application Filing
-
2018
- 2018-03-01 HK HK18102938.1A patent/HK1243536A1/en unknown
Patent Citations (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5748735A (en) * | 1994-07-18 | 1998-05-05 | Bell Atlantic Network Services, Inc. | Securing E-mail communications and encrypted file storage using yaksha split private key asymmetric cryptography |
US5535276A (en) * | 1994-11-09 | 1996-07-09 | Bell Atlantic Network Services, Inc. | Yaksha, an improved system and method for securing communications using split private key asymmetric cryptography |
US5737419A (en) * | 1994-11-09 | 1998-04-07 | Bell Atlantic Network Services, Inc. | Computer system for securing communications using split private key asymmetric cryptography |
US20110191248A1 (en) * | 1999-08-31 | 2011-08-04 | American Express Travel Related Services Company, Inc. | Methods and Apparatus for Conducting Electronic Transactions |
US20030147536A1 (en) * | 2002-02-05 | 2003-08-07 | Andivahis Dimitrios Emmanouil | Secure electronic messaging system requiring key retrieval for deriving decryption keys |
US20040030917A1 (en) * | 2002-08-07 | 2004-02-12 | Karamchedu Murali M. | Opaque message archives |
US7299357B2 (en) * | 2002-08-07 | 2007-11-20 | Kryptiq Corporation | Opaque message archives |
US20060015358A1 (en) * | 2004-07-16 | 2006-01-19 | Chua Bryan S M | Third party authentication of an electronic transaction |
US20100333186A1 (en) * | 2005-12-13 | 2010-12-30 | Microsoft Corporation | Two-way authentication using a combined code |
US20080091947A1 (en) * | 2006-10-17 | 2008-04-17 | Andrew John Dancer | Software registration system |
US20080172730A1 (en) * | 2007-01-12 | 2008-07-17 | Tricipher, Inc. | Enhanced security for user instructions |
US20100325431A1 (en) * | 2009-06-19 | 2010-12-23 | Joseph Martin Mordetsky | Feature-Specific Keys for Executable Code |
US20120198228A1 (en) * | 2010-12-20 | 2012-08-02 | Jon Oberheide | System and method for digital user authentication |
US20130108045A1 (en) * | 2011-10-27 | 2013-05-02 | Architecture Technology, Inc. | Methods, networks and nodes for dynamically establishing encrypted communications |
US20160119292A1 (en) * | 2011-11-09 | 2016-04-28 | Kabushiki Kaisha Toshiba | Re-encryption system, re-encryption apparatus, and program |
US20130185214A1 (en) * | 2012-01-12 | 2013-07-18 | Firethorn Mobile Inc. | System and Method For Secure Offline Payment Transactions Using A Portable Computing Device |
US9160535B2 (en) * | 2012-03-19 | 2015-10-13 | Dell Inc | Truly anonymous cloud key broker |
US20130262317A1 (en) * | 2012-04-02 | 2013-10-03 | Mastercard International Incorporated | Systems and methods for processing mobile payments by provisoning credentials to mobile devices without secure elements |
US20130290708A1 (en) * | 2012-04-26 | 2013-10-31 | Sap Ag | Configuration protection for providing security to configuration files |
US20170024729A1 (en) * | 2014-04-16 | 2017-01-26 | Visa International Service Association | Secure Transmission of Payment Credentials |
US20160080157A1 (en) * | 2014-09-16 | 2016-03-17 | Keypasco Ab | Network authentication method for secure electronic transactions |
US20160132699A1 (en) * | 2014-11-12 | 2016-05-12 | Seagate Technology Llc | Split-Key Arrangement in a Multi-Device Storage Enclosure |
US9455968B1 (en) * | 2014-12-19 | 2016-09-27 | Emc Corporation | Protection of a secret on a mobile device using a secret-splitting technique with a fixed user share |
Cited By (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10404697B1 (en) | 2015-12-28 | 2019-09-03 | Symantec Corporation | Systems and methods for using vehicles as information sources for knowledge-based authentication |
US10326733B2 (en) | 2015-12-30 | 2019-06-18 | Symantec Corporation | Systems and methods for facilitating single sign-on for multiple devices |
US10375114B1 (en) | 2016-06-27 | 2019-08-06 | Symantec Corporation | Systems and methods for enforcing access-control policies |
US10462184B1 (en) | 2016-06-28 | 2019-10-29 | Symantec Corporation | Systems and methods for enforcing access-control policies in an arbitrary physical space |
US10469457B1 (en) * | 2016-09-26 | 2019-11-05 | Symantec Corporation | Systems and methods for securely sharing cloud-service credentials within a network of computing devices |
US10680805B2 (en) | 2016-11-04 | 2020-06-09 | Visa International Service Association | Data encryption control using multiple controlling authorities |
WO2018084859A1 (en) * | 2016-11-04 | 2018-05-11 | Visa International Service Association | Data encryption control using multiple controlling authorities |
CN109891423A (en) * | 2016-11-04 | 2019-06-14 | 维萨国际服务协会 | It is controlled using the data encryption of multiple control mechanisms |
US10812981B1 (en) | 2017-03-22 | 2020-10-20 | NortonLifeLock, Inc. | Systems and methods for certifying geolocation coordinates of computing devices |
US10687212B2 (en) | 2017-04-07 | 2020-06-16 | At&T Mobility Ii Llc | Mobile network core component for managing security keys |
US11461478B2 (en) | 2017-04-07 | 2022-10-04 | At&T Mobility Ii Llc | Mobile network core component for managing security keys |
CN107248912A (en) * | 2017-06-12 | 2017-10-13 | 济南浪潮高新科技投资发展有限公司 | A kind of file security applied to government affairs cloud stores solution |
WO2019066822A1 (en) * | 2017-09-27 | 2019-04-04 | Visa International Service Association | Secure shared key establishment for peer to peer communications |
US11563567B2 (en) | 2017-09-27 | 2023-01-24 | Visa International Service Association | Secure shared key establishment for peer to peer communications |
WO2020219136A3 (en) * | 2019-01-28 | 2020-12-30 | Knectiq Inc. | System and method for secure electronic data transfer |
KR20210109667A (en) * | 2019-01-28 | 2021-09-06 | 크넥트아이큐 인크. | Systems and methods for secure electronic data transmission |
US11165568B2 (en) * | 2019-01-28 | 2021-11-02 | Knectiq Inc. | System and method for secure electronic data transfer |
US20220060321A1 (en) * | 2019-01-28 | 2022-02-24 | Knectiq Inc. | System and method for secure electronic data transfer |
KR102413497B1 (en) | 2019-01-28 | 2022-06-24 | 크넥트아이큐 인크. | Systems and methods for secure electronic data transmission |
CN110198320A (en) * | 2019-06-03 | 2019-09-03 | 江苏恒宝智能系统技术有限公司 | A kind of ciphered information transmission method |
US11683159B2 (en) * | 2019-11-07 | 2023-06-20 | Google Llc | Hybrid content protection architecture |
US20230155817A1 (en) * | 2021-11-15 | 2023-05-18 | Sap Se | Managing secret values using a secrets manager |
Also Published As
Publication number | Publication date |
---|---|
AU2016220152A1 (en) | 2017-08-24 |
BR112017017098A2 (en) | 2018-04-03 |
CN107408255A (en) | 2017-11-28 |
SG10201907538SA (en) | 2019-09-27 |
EP3259726B1 (en) | 2021-03-31 |
SG11201706634WA (en) | 2017-09-28 |
HK1243536A1 (en) | 2018-07-13 |
AU2016220152B2 (en) | 2022-01-13 |
CA2976701A1 (en) | 2016-08-25 |
EP3259726A4 (en) | 2018-09-26 |
US10547444B2 (en) | 2020-01-28 |
WO2016133958A1 (en) | 2016-08-25 |
EP3259726A1 (en) | 2017-12-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10547444B2 (en) | Cloud encryption key broker apparatuses, methods and systems | |
US11810080B2 (en) | Systems and method for tracking enterprise events using hybrid public-private blockchain ledgers | |
US10581805B2 (en) | Blockchain overwatch | |
US11451392B2 (en) | Token-based secure data management | |
US20240106812A1 (en) | Generating reports from information within a zero-knowledge data management network | |
US10509898B2 (en) | Enhanced security authentication methods, systems and media | |
CN108463827B (en) | System and method for detecting sensitive information leakage while preserving privacy | |
US20150324787A1 (en) | Policy-Based Control and Augmentation of Cryptocurrencies and Cryptocurrency Security | |
US20160260091A1 (en) | Universal wallet for digital currency | |
US20210374724A1 (en) | Secure digital wallet processing system | |
Singh et al. | Cloud computing security using blockchain technology | |
CA2948229C (en) | Systems and method for tracking enterprise events using hybrid public-private blockchain ledgers | |
US20180218357A1 (en) | Export high value material based on ring 1 evidence of ownership | |
Wilusz et al. | Securing cryptoasset insurance services with multisignatures | |
Narang et al. | Preserving confidentiality and privacy of sensitive data in e-procurement system | |
Dudykevych et al. | Investigation of Payment Cards systems information security control | |
Schulz et al. | Options to improve the general model of security management in private bank with GDPR compliance | |
RU2795371C1 (en) | Method and system of depersonalized assessment of clients of organizations for carrying out operations between organizations | |
Chattopadhyay et al. | Mobile agent security against malicious hosts: A survey | |
US20230124498A1 (en) | Systems And Methods For Whitebox Device Binding | |
Shyaa et al. | Securing Transactions Using Hybrid Cryptography in E-commerce Apps | |
US20150235214A1 (en) | User Authentication and Authorization | |
Chandio et al. | Secure Architecture for Electronic Commerce Applications Running over the Cloud | |
CN116132185A (en) | Data calling method, system, device, equipment and medium | |
WO2024026428A1 (en) | Digital identity allocation, assignment, and management |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: VISA INTERNATIONAL SERVICE ASSOCIATION, CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:HARRIS, THEODORE;EDINGTON, SCOTT;SIGNING DATES FROM 20160315 TO 20160323;REEL/FRAME:038240/0943 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: FINAL REJECTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 4 |